/** @file\r
VFR file used by the SecureBoot configuration component.\r
\r
-Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
- //\r
- // Display current secure boot mode(one of SetupMode/AuditMode/UserMode/DeployedMode)\r
- //\r
- text\r
- help = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_HELP),\r
- text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_PROMPT),\r
- text = STRING_TOKEN(STR_CUR_SECURE_BOOT_MODE_CONTENT);\r
-\r
text\r
help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),\r
text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),\r
//\r
// Display of Check Box: Attempt Secure Boot\r
//\r
- grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;\r
+ grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,\r
questionid = KEY_SECURE_BOOT_ENABLE,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),\r
endoneof;\r
\r
//\r
- // Display PK include page\r
+ // Display of 'Current Secure Boot Mode'\r
//\r
suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD;\r
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;\r
\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
- //\r
- // Display of SetupMode/UserMode/AuditMode/DeployedMode transition\r
- //\r
- oneof name = TransSecureBootMode,\r
- questionid = KEY_TRANS_SECURE_BOOT_MODE,\r
- prompt = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_PROMPT),\r
- help = STRING_TOKEN(STR_TRANS_SECURE_BOOT_MODE_HELP),\r
- flags = INTERACTIVE | NUMERIC_SIZE_1,\r
- suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE \r
- OR (ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE AND\r
- ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 0);\r
- option text = STRING_TOKEN(STR_USER_MODE), value = SECURE_BOOT_MODE_USER_MODE, flags = 0;\r
- endif\r
- suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_AUDIT_MODE;\r
- option text = STRING_TOKEN(STR_SETUP_MODE), value = SECURE_BOOT_MODE_SETUP_MODE, flags = 0;\r
- endif\r
- suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE;\r
- option text = STRING_TOKEN(STR_AUDIT_MODE), value = SECURE_BOOT_MODE_AUDIT_MODE, flags = 0;\r
- endif\r
- suppressif ideqval SECUREBOOT_CONFIGURATION.CurSecureBootMode == SECURE_BOOT_MODE_SETUP_MODE;\r
- option text = STRING_TOKEN(STR_DEPLOYED_MODE), value = SECURE_BOOT_MODE_DEPLOYED_MODE, flags = 0;\r
- endif\r
-\r
- endoneof;\r
-\r
- subtitle text = STRING_TOKEN(STR_NULL);\r
-\r
goto FORMID_SECURE_BOOT_PK_OPTION_FORM,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),\r
help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),\r
\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
- goto FORM_FILE_EXPLORER_ID_PK,\r
+ goto FORMID_ENROLL_PK_FORM,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),\r
flags = INTERACTIVE,\r
- key = SECUREBOOT_ADD_PK_FILE_FORM_ID;\r
+ key = FORMID_ENROLL_PK_FORM;\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+ label FORMID_ENROLL_PK_FORM;\r
+ label LABEL_END;\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto FORMID_SECURE_BOOT_OPTION_FORM,\r
+ prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
+ help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
+ flags = INTERACTIVE| RESET_REQUIRED,\r
+ key = KEY_VALUE_SAVE_AND_EXIT_PK;\r
+\r
+ goto FORMID_SECURE_BOOT_OPTION_FORM,\r
+ prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
+ help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
+ flags = INTERACTIVE,\r
+ key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;\r
+\r
endform;\r
\r
//\r
\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
- goto FORM_FILE_EXPLORER_ID_KEK,\r
+ goto FORMID_ENROLL_KEK_FORM,\r
prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),\r
help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),\r
flags = INTERACTIVE,\r
\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
- goto FORM_FILE_EXPLORER_ID_DB,\r
+ goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
flags = INTERACTIVE,\r
\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
- goto FORM_FILE_EXPLORER_ID_DBX,\r
+ goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
flags = INTERACTIVE,\r
label LABEL_END;\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
- string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
- prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
- help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
- flags = INTERACTIVE,\r
- key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,\r
- minsize = SECURE_BOOT_GUID_SIZE,\r
- maxsize = SECURE_BOOT_GUID_SIZE,\r
- endstring;\r
+ grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;\r
+ string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,\r
+ prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),\r
+ help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),\r
+ flags = INTERACTIVE,\r
+ key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,\r
+ minsize = SECURE_BOOT_GUID_SIZE,\r
+ maxsize = SECURE_BOOT_GUID_SIZE,\r
+ endstring;\r
+ endif;\r
\r
- oneof name = SignatureFormatInDbx,\r
- varid = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
- prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
- help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
- option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;\r
- option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;\r
- option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;\r
- option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;\r
- endoneof;\r
+ disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1;\r
+ oneof name = X509SignatureFormatInDbx,\r
+ varid = SECUREBOOT_CONFIGURATION.CertificateFormat,\r
+ prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),\r
+ help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT;\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0;\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0;\r
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0;\r
+ endoneof;\r
+ endif;\r
\r
- suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;\r
+ disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2;\r
+ text\r
+ help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string\r
+ text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string\r
+ text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type\r
+ endif;\r
+\r
+ disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3;\r
+ text\r
+ help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string\r
+ text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string\r
+ text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type\r
+ endif;\r
+\r
+ suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;\r
checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,\r
prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),\r
help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),\r
\r
subtitle text = STRING_TOKEN(STR_NULL);\r
\r
- goto FORM_FILE_EXPLORER_ID_DBT,\r
+ goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,\r
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),\r
flags = INTERACTIVE,\r
\r
endform;\r
\r
- //\r
- // File Explorer for PK\r
- //\r
- form formid = FORM_FILE_EXPLORER_ID_PK,\r
- title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
-\r
- label FORM_FILE_EXPLORER_ID;\r
- label LABEL_END;\r
- endform;\r
-\r
- //\r
- // File Explorer for KEK\r
- //\r
- form formid = FORM_FILE_EXPLORER_ID_KEK,\r
- title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
-\r
- label FORM_FILE_EXPLORER_ID;\r
- label LABEL_END;\r
- endform;\r
-\r
- //\r
- // File Explorer for DB\r
- //\r
- form formid = FORM_FILE_EXPLORER_ID_DB,\r
- title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
-\r
- label FORM_FILE_EXPLORER_ID;\r
- label LABEL_END;\r
- endform;\r
-\r
- //\r
- // File Explorer for DBX\r
- //\r
- form formid = FORM_FILE_EXPLORER_ID_DBX,\r
- title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
-\r
- label FORM_FILE_EXPLORER_ID;\r
- label LABEL_END;\r
- endform;\r
-\r
- //\r
- // File Explorer for DBT\r
- //\r
- form formid = FORM_FILE_EXPLORER_ID_DBT,\r
- title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);\r
-\r
- label FORM_FILE_EXPLORER_ID;\r
- label LABEL_END;\r
- endform;\r
-\r
- //\r
- // Enroll Pk from File Commit Form\r
- //\r
- form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,\r
- title = STRING_TOKEN(STR_SAVE_PK_FILE);\r
-\r
- label SECUREBOOT_ADD_PK_FILE_FORM_ID;\r
- label LABEL_END;\r
-\r
- subtitle text = STRING_TOKEN(STR_NULL);\r
-\r
- text\r
- help = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
- text = STRING_TOKEN(STR_SAVE_AND_EXIT),\r
- text = STRING_TOKEN(STR_NULL),\r
- flags = INTERACTIVE,\r
- key = KEY_VALUE_SAVE_AND_EXIT_PK;\r
-\r
- text\r
- help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
- text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),\r
- text = STRING_TOKEN(STR_NULL),\r
- flags = INTERACTIVE,\r
- key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;\r
-\r
- endform;\r
-\r
endformset;
\ No newline at end of file
projects / mirror_edk2.git / blobdiff